tomcat-announce mailing list archives

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.42.
Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.
This release contains a number of bug fixes and improvements compared to
version 7.0.41. The notable changes include:
- Add support for time to first byte in the AccessLogValve. Patch
provided by Jeremy Boynes.
- Correct a regression introduced in 7.0.39 (refactoring of base 64
encoding and decoding) that broke the JNDI Realm when userPassword
was set and passwords were hashed with MD5 or SHA1.
- Ensure that the build process produces Javadoc that is not vulnerable
to CVE-2013-1571. Based on a patch by Uwe Schindler.
Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Note: This version has 4 zip binaries: a generic one and three
bundled with Tomcat native binaries for Windows operating systems
running on different CPU architectures.
Note: If you use the APR/native AJP or HTTP connector you *must* upgrade
to version 1.1.24 or later of the AJP/native library and it is
recommended that you upgrade to 1.1.27
Downloads:
http://tomcat.apache.org/download-70.cgi
Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html